DETAILED ACTION



1. Claims 1-35 are pending in this office action.

2. Applicant's arguments, filed December 15, 2004, have been fully considered but 
they are not persuasive. 

Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 102 

4. Claims 1-35 are rejected under 35 U.S.C. 102(e) as being anticipated by Bruno 
et al. (U.S. Patent No. 6,604,123). 

Regarding claim 1, Bruno et al. teaches a system to facilitate substantially secure
communication of data from a user-level process, comprising: 

• At least a first queue associated with the process, such that the process is 
operative to directly communicate a message relative to the first queue (fig. 3, 
ref. num 318); and 

• A first communication context operative to communicate the message between 
the first queue and a second communication context (fig. 3, ref. num 506);

• Wherein communication between the first queue and the first communications
context is controlled based on whether an appropriate association exists between 
the first queue and the first communications context, the association between the 
first queue and the first communications context being provided through a 
privileged operation not adjustable by the user-level process (col. 8, lines 3-13). 

Regarding claim 2, Bruno et al. teaches wherein the first queue and the first
communication context reside at a first node that is different from that of the second 
communication context (fig. 3, ref. num 312 different from 314). 

Regarding claim 3, Bruno et al. teaches further comprising an interface at the first
node operative to validate messages communicated from the first queue to the first 
communication context (col. 7, lines 23-27). 

Regarding claim 4, Bruno et al. teaches wherein the interface is operative to
prevent messages from being communicated from the first queue to the first 
communication context if an association mismatch exists between the first queue and 
the first communication context (col. 7, lines 23-27). 

Regarding claim 5, Bruno et al. teaches wherein the appropriate association
between the first queue and the first communication context requires membership to a 
common domain (col. 7, lines 27-54).

Regarding claim 6, Bruno et al. teaches further comprising a second queue
associated with a second process at the first node, such that the second process is 
operative to directly communicate a message to the second queue (fig. 1, ref. num 116
and 120, a first and second queue, respectively). 

Regarding claim 7, Bruno et al. teaches wherein the second queue is associated
with the common domain through a privileged operation, such that the first and second 
queues can share the first communication context to communicate messages through a 
channel defined by the first communication context and the second communication 
context, each of the first and second queues being operative to communicate messages 
with at least one process at a node where the second communication context resides 
(fig. 3, ref. num 312 and 314 can both communicate to 318, which is in a privileged 
mode). 

Regarding claim 8, Bruno et al. teaches wherein the first process further
comprises a process operating in a user mode and the second process comprises a 
process operating in a user mode (fig. 3, ref. num 502 and 506, a first and second 
process). 

Regarding claim 9, Bruno et al. teaches further including a third communication
context associated with the second queue through a privileged operation at the first 
node, the third communication context enabling communication between the third 
communication context and a fourth communication context that resides a node 
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different from the first node (fig. 3, ref. num 316 is a privileged operation between 312 
and 314, which communicates to 308). 

Regarding claim 10, Bruno et al. teaches wherein the common domain is a first
domain, the association between the second queue and the third communication 
context corresponding to a second domain that is different from the first domain, 
wherein each communication channel established in the second domain is isolated from 
each channel established in the first domain (fig. 1, ref. num 116 and 120, each channel
is isolated). 

Regarding claim 11, Bruno et al. teaches wherein the first queue and the first
communication context reside at a first node that is different from a second node at 
which the second communication context resides, the system further comprising a third 
communication context at the first node to enable communication of messages between 
the third communication context and a fourth communication context that resides at a 
third node that is different from the first node (fig. 3, ref. num 312 communicates with 
314 separately than 312 communicates with 308). 

Regarding claim 12, Bruno et al. teaches wherein the first queue is associated
with the third communication context through a privileged operation, such that the first 
process is operative to communicate the message over a communication channel 
established between the third communication context and a fourth communication 
context that resides at the third node, which is different from the second node (fig. 3, ref.
num 318 resides in the privileged mode, controlling operations between 312, 314, and
310). 

Regarding claim 13, Bruno et al. teaches wherein the first queue and the first
communication context are associated so as to be part of a first domain, the system 
further comprising a second queue is associated with a second process, the second 
queue being associated with a third communication context so as to be part of second 
domain that is isolated relative to the first domain (fig. 3, ref. num 312 and 308). 

Regarding claim 14, Bruno et al. teaches a system to facilitate communication of
data, comprising: 

• A virtual hardware component at a first node operable to communicate a 
message received directly from an associated process (fig. 3, ref. num 318); and 

• A first channel endpoint established at the first node, the first channel endpoint 
being operative to communicate messages to a second channel endpoint 
residing at a second node (fig. 3, ref. num 602); 

• Wherein each of the virtual component and the first channel endpoint is 
associated with a respective domain through a privileged operation at the first 
node, communication of messages between the virtual component and the first 
channel endpoint being controlled based on validation of the respective domains 
for the virtual component and the first channel endpoint (col. 8, lines 3-13).

Regarding claim 15, Bruno et al. teaches wherein hardware at the first node is
operative to prevent messages from being sent between the virtual component and the 
first channel endpoint in response to detecting an invalid association between the virtual 
component and the first channel endpoint (col. 7, lines 23-27). 

Regarding claim 16, Bruno et al. teaches wherein the virtual component is a first
virtual component, the system further comprising a second virtual hardware component 
operative to communicate a message directly with an associated process at the first 
node (col. 7, lines 23-54). 

Regarding claim 17, Bruno et al. teaches wherein the second virtual hardware
component and the first virtual hardware component are members of a common 
domain, domain membership being assigned through a privileged operation not 
adjustable by the first or second process, wherein the first and second virtual 
components are operative to share the first channel endpoint of the first node, such that 
each of the first and second processes can communicate messages with at least one 
process at the second node (fig. 3, ref. num 316). 



Regarding claim 18, Bruno et al. teaches further including a third channel
endpoint at the first node, the third channel endpoint being operative to communicate 
messages with a fourth channel endpoint that resides at a node different from the first 
node (fig. 3, ref. num 504 or 512).

Regarding claim 19, Bruno et al. teaches wherein the virtual component is a first
virtual hardware component, the system further comprising a second virtual hardware 
component at the first node that is associated with the third channel endpoint through a 
privileged operation at the first node (fig. 1, ref. num 116 and 120 communicates with
the other protected domains). 

Regarding claim 20, Bruno et al. teaches wherein each of the first and third
channel endpoints belongs to different domains, such that each communication channel 
established between associated channel endpoints in one of the domains is isolated 
from each communication channel established between associated channel endpoints 
in each other of the domains (fig. 1, ref. num 114 and 118 are different domains).

Regarding claim 21, Bruno et al. teaches wherein each of the first and third
channel endpoints belongs to a common domain, such that each of the first and second 
processes at the first node is operative to share first and third channel endpoints to 
respectively communicate a message with at least one process at the second and third 
nodes based on data in the respective message (fig. 1, ref. num 116 and 120 are same
domains). 

Regarding claim 22, Bruno et al. teaches a system to facilitate communication of
data, comprising: 

• Storage means for receiving a message provided directly from a user-level 
process (fig. 3, ref. num 318);

• Communication means associated with the storage means for, upon validation of
a domain association between the storage means and the communication 
means, sending the stored request to a corresponding communication means at 
another node in the system (fig. 3, ref. num 602); and 

• Validation means for validating the association between the storage means and 
the communication means, the storage means and the communication means 
being associated in a privileged operation not adjustable by user-level processes 
(col. 8, lines 3-13). 

Regarding claim 23, Bruno et al. teaches a system to facilitate communication of
data, comprising: 

• Virtual storage means at a first node for storing a message for direct 
communication relative to a user-level process (fig. 3, ref. num 318); 

• Endpoint communication means at the first node for means for, upon determining 
a common domain membership for the storage means and the endpoint 
communication means, enabling communication between the virtual storage 
means and the endpoint communication means (fig. 3, ref. num 602); and 

• Control means for independently controlling domain membership for each of the 
virtual storage means and the endpoint communication means (col. 8, lines 3-13).



Regarding claim 24, Bruno et al. teaches wherein the endpoint communication
means further includes means for preventing communication of messages between the
virtual storage means and the endpoint communication means in the absence of a
common domain membership among virtual storage means and the endpoint 
communication means (col. 7, lines 23-54). 

Regarding claim 25, Bruno et al. teaches wherein the endpoint communication
means further includes means for permitting communication of messages between the 
virtual storage means and the endpoint communication means when common domain 
membership exists among virtual storage means and the endpoint communication 
means (col. 7, lines 23-54). 

Regarding claim 26, Bruno et al. teaches a computer-readable medium having
computer-executable instructions for: 

• In a privileged mode, setting domain membership for a queue of a first node and 
setting domain membership for a communication component of the first node, the 
communication component of the first node being operable to communicate 
messages with a corresponding communication component at a second node, 
the domain membership being inaccessible by user-level processes, the queue 
being mapped into memory of an associated user-level process at the first node, 
such that the user-level process can communicate directly with the queue (col. 8, 
lines 3-13); and 

• Controlling communication of message between the queue and the 
communication component based on the domain membership set for each of the 
queue and the communication component (col. 7, line 55 through col. 8, line 2).

Regarding claim 27, Bruno et al. teaches having further computer-executable
instructions for providing an error message to the associated user-level process if the 
domain membership between the queue and the communication component is invalid 
(col. 7, lines 23-54). 

Regarding claim 28, Bruno et al. teaches having further computer-executable
instructions for analyzing the message to identify which of a plurality of communication 
contexts is designated and validating domain membership between the queue and the 
designated communication context to control communication of the message between 
the queue and the designated communication context (col. 7, lines 23-54). 

Regarding claim 29, Bruno et al. teaches a method to facilitate communication in
a system architecture in which a process is operative to communicate a message 
directly with a storage component coupled to at least one local communications 
component in a node for communicating the message for receipt by a second 
communications component, the method comprising: 

• Associating the storage component with a domain for temporarily storing the 
message (fig. 3, ref. num 318); 

• Associating the local communications component with a domain (fig. 3, ref. num 
602); and 

• Controlling communication of a message between the storage component and 
the local communications component based on the domain of the storage
component and the domain of the local communications component (col. 8, lines
3-13). 

Regarding claim 30, Bruno et al. teaches wherein the domain for the storage
component and the domain for the association of the local communications component 
are implemented independently in privileged operation not adjustable by the user-level 
process (fig. 3, ref. num 316). 

Regarding claim 31, Bruno et al. teaches wherein the controlling further
comprises validating the domain of the storage component relative the domain of the 
local communication component (col. 7, lines 27-47). 

Regarding claim 32, Bruno et al. teaches further comprising preventing
communication of the message from the storage component to the communication 
component in the absence of a match between the domain of the storage component 
and the domain of the communication component (col. 7, lines 23-27). 



Regarding claim 33, Bruno et al. teaches further comprising generating an error
message in the absence of a match between the domain of the at least part of the 
storage component and the domain of the communication component (col. 6, lines 15-19).

Regarding claim 34, Bruno et al. teaches further comprising sending the
message from the storage component to the communication component in response to 
a valid association existing between the domain of the storage component and the 
domain of the communication component (col. 7, lines 27-54). 

Regarding claim 35, Bruno et al. teaches further comprising discerning from the
message which of at least one of a plurality of communication components is 
designated and validating association between the storage component and each 
designated communication component to control communication of the message 
between the storage component and each designated communication component (col. 
7, lines 23-54). 

Response to Arguments 

5. Applicant argues: 

a. Independent claim 1 does not show an association between a first queue 
and a first communication context provided through a privileged operation not 
adjustable by a user-level process (page 12, section A). 

b. Independent claim 14 does not show a virtual component and a first 
channel endpoint both established at a first node where each is associated with a 
respective domain through a privileged operation, communication of messages 
being controlled based on validation of the respective domains (page 12/13, 
section B).

c. Independent claim 22 does not show validating an association between a
storage means and a communication means, the storage means and the 
communication means being associated in a privileged operation not adjustable 
by user-level processes, and storage means for receiving a message provided 
directly from a user-level process (page 13, section C). 

d. Independent claim 23 does not show virtual storage means at a first node, 
and endpoint communication means at the first node and upon determining a 
common domain membership for the storage means and the endpoint 
communications means, enabling communication between the virtual storage 
means and the endpoint communication means (page 13/14, section D). 

e. Independent claim 26 does not show in a privileged mode, setting domain 
membership for a queue of a first node and setting domain membership for a 
communication component of the first node, and controlling communication of 
message between the queue and the communication component based on the 
domain membership set for each of the queue and the communication 
component, the domain membership being inaccessible by user-level processes 
(page 14, section E). 

f. Independent claim 29 does not show controlling communication of a 
message based on a domain of a storage component and a domain of a local 
communications component (page 14/15, section F). 

g. The dependent claims are allowable based on their dependency on the 
independent claims.

Regarding argument (a), examiner disagrees with applicant. Figure 3 and
column 8, lines 3-13, shows a first queue (318) and a first communication context (312) 
associated with each other by a system call (602). They are associated with each other 
because the server (308) defines a specific portal (318) for the client (312) to use; 
therefore the client is associated with a specific server through the use of a specific 
portal (see col. 7, lines 23-54 of Bruno et al.). The operation is privileged— not 
adjustable by a user-level process — because the queue (318) is in the nucleus, which is 
privileged, whereas the communication context (312) is in the user-level, which is not 
privileged (see col. 6, lines 40-44 of Bruno et al.). 

Regarding argument (b), examiner disagrees with applicant. From the argument 
above (letter a), it is shown that the client has a privileged association with the queue 
that is non-adjustable by the user-level process. The first node is the client; the second 
node is the server. The client can communicate with server, through the use of the
queue, ONLY because the server registered the particular portal code to associate the 
client with the server. Based on the association between the client and the queue, in 
order to communicate with the server, claim 14 remains rejected.

Regarding argument (c), examiner disagrees with applicant. See the response to 
arguments (a) and (b), above. The validation means are performed with help by the 
name server, who checks access restrictions and if access is approved the server 
information is given to the client (see col. 7, lines 23-33). The storage means for 
receiving a message provided directly from a user-level process remains on the client or 
server. It is well known that clients and server have storage means.

Regarding argument (d), examiner disagrees with applicant. See the response
to arguments (a)-(c), above. 

Regarding argument (e), examiner disagrees with applicant. Bruno et al. teaches 
creating the portal code for the client to access the server in privileged mode. The 
portal manager (314) establishes the portal code locations (316) in the nucleus (or 
privileged mode). As for controlling communication of messages between the queue 
and the communication component ... inaccessible by user-level processes, these 
steps are taught as explained in response to arguments section (a)-(c), above. 

Regarding argument (f), examiner disagrees with applicant. See the response to 
arguments (a)-(c), above. 

Regarding argument (g), examiner disagrees with applicant. Based on the 
arguments set forth by the examiner for arguments (a)-(f), the dependent claims stand 
as rejected. 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is
571-272-3863. The examiner can normally be reached on M-F 8:30 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).